Vulnerability Summary for the Week of April 16, 2007

Released
Apr 23, 2007
Document ID
SB07-113

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
3proxy -- 3proxyBuffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests.
unknown
2007-04-16
10.0CVE-2007-2031
OTHER-REF
Actionpoll -- ActionpollMultiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297.
unknown
2007-04-17
7.0CVE-2007-2064
BUGTRAQ
BID
BID
Actionpoll -- ActionpollPHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG_DATAREADERWRITER parameter, a different vector than CVE-2001-1297. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-17
7.0CVE-2007-2065
BID
Adobe -- Flash Player
Opera Software -- Opera Web Browser
Unspecified vulnerability in the Adobe Macromedia Flash Player 7.x and 9.x plug-in on Opera before 9.20, when running on Linux, Solaris, or FreeBSD platforms, has unspecified impact and remote attack vectors.
unknown
2007-04-13
7.0CVE-2007-2022
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Aircrack-ng -- airodump-ngStack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets.
unknown
2007-04-17
10.0CVE-2007-2057
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
AjPortal2Php -- AjPortal2PhpMultiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.php, (3) events.inc.php, (4) footer.inc.php, (5) header.inc.php, (6) menuleft.inc.php, or (7) pages.inc.php in includes/.
unknown
2007-04-19
7.0CVE-2007-2142
MILW0RM
FRSIRT
Akamai Technologies -- Download ManagerStack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count.
unknown
2007-04-17
10.0CVE-2007-1891
IDEFENSE
BUGTRAQ
BID
Akamai Technologies -- Download ManagerStack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891.
unknown
2007-04-17
10.0CVE-2007-1892
BUGTRAQ
BID
Anthologia -- AnthologiaPHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter.
unknown
2007-04-18
7.0CVE-2007-2094
MILW0RM
BID
Antonis Ventouris -- Weather ModulePHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.
unknown
2007-04-16
7.0CVE-2007-2044
MILW0RM
FRSIRT
APOP Protocol -- APOP ProtocolThe APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird, (2) Evolution, (3) mutt, and (4) fetchmail.
unknown
2007-04-16
7.0CVE-2007-1558
BUGTRAQ
Avant-Garde Solutions -- MOSMediaMultiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php.
unknown
2007-04-16
7.0CVE-2007-2043
MILW0RM
BID
FRSIRT
BonoEstente -- Joomla Template Be2004-2PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-04-19
7.0CVE-2007-2143
MILW0RM
Cabron Connector -- Cabron ConnectorPHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter.
unknown
2007-04-19
7.0CVE-2007-2154
MILW0RM
BID
FRSIRT
Cisco -- Wireless Control SystemCisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014.
unknown
2007-04-16
7.0CVE-2007-2032
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Wireless LAN ControllerThe SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384.
unknown
2007-04-16
10.0CVE-2007-2036
CISCO
BID
FRSIRT
SECTRACK
XF
Clam Anti-Virus -- ClamAVInteger signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.
unknown
2007-04-16
7.0CVE-2007-1997
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SECTRACK
eIQnetworks -- Enterprise Security AnalyzerMultiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command.
unknown
2007-04-17
10.0CVE-2007-2059
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
FAC Guestbook -- FAC GuestbookFAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb.
unknown
2007-04-18
10.0CVE-2007-2100
BUGTRAQ
BID
SECUNIA
XF
FAC Guestbook -- FAC GuestbookFAC Guestbook 3.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/gbdb.mdb. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-18
10.0CVE-2007-2101
BID
SECUNIA
XF
Franklin Huang -- Flip-search-add-onPHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter.
unknown
2007-04-19
7.0CVE-2007-2140
BUGTRAQ
Hinton Design -- PHPHD Download SystemPHP remote file inclusion vulnerability in common.php in Hinton Design PHPHD Download System (phphd_downloads) allows remote attackers to execute arbitrary PHP code via a URL in the phphd_real_path parameter. NOTE: this issue may be present in versions from 2006.
unknown
2007-04-18
7.0CVE-2007-2096
BUGTRAQ
Ivan Gallery Script -- Ivan Gallery Script** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use.
unknown
2007-04-17
7.0CVE-2007-2072
BUGTRAQ
VIM
BID
Ivan Gallery Script -- Ivan Gallery ScriptPHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new session.
unknown
2007-04-17
7.0CVE-2007-2073
VIM
iXon CMS -- iXon CMSMultiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php.
unknown
2007-04-18
7.0CVE-2007-2104
BUGTRAQ
XF
JoomlaPack -- JoomlaPackPHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-04-19
7.0CVE-2007-2144
MILW0RM
FRSIRT
Kai Content Management System -- Kai Content Management SystemDirectory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the current_theme parameter.
unknown
2007-04-18
7.0CVE-2007-2106
BUGTRAQ
XF
Kooijman-Design -- jGalleryPHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter.
unknown
2007-04-19
7.0CVE-2007-2158
MILW0RM
FRSIRT
LANDesk Software -- LANDesk Management SuiteStack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP.
unknown
2007-04-17
10.0CVE-2007-1674
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Limesoft -- Limesoft GuestbookDirect static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-18
7.0CVE-2007-2092
FRSIRT
Limesoft -- Limesoft GuestbookDirect static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.
unknown
2007-04-18
7.0CVE-2007-2093
BUGTRAQ
MILW0RM
BID
FRSIRT
SECUNIA
XF
Maian -- SearchPHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem."
unknown
2007-04-17
7.0CVE-2007-2077
BUGTRAQ
BUGTRAQ
VIM
McAfee -- VirusScan EnterpriseBuffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters.
unknown
2007-04-19
8.0CVE-2007-2152
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Windows 2003
Microsoft -- Windows 2000
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via via a long zone name containing character constants represented by escape sequences.
unknown
2007-04-13
10.0CVE-2007-1748
OTHER-REF
OTHER-REF
CERT-VN
SECUNIA
OTHER-REF
CERT
BID
FRSIRT
SECTRACK
XF
MiniGal -- MiniGalThe imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-04-19
7.0CVE-2007-2145
MILW0RM
FRSIRT
MiniGal -- MiniGalThe imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-19
7.0CVE-2007-2146
FRSIRT
Monkey CMS -- Monkey CMSDirectory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the admin_skin parameter.
unknown
2007-04-18
7.0CVE-2007-2105
BUGTRAQ
XF
my little homepage -- My Little WeblogCross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087.
unknown
2007-04-18
7.0CVE-2007-2102
BUGTRAQ
my little homepage -- my little forumMultiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php and (2) timedifference.php.
unknown
2007-04-18
7.0CVE-2007-2103
BUGTRAQ
MyBlog -- MyBlogMyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.
unknown
2007-04-17
7.0CVE-2007-2081
BUGTRAQ
BID
MySpeach -- MySpeachPHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498.
unknown
2007-04-18
7.0CVE-2007-2095
BUGTRAQ
Openads -- OpenadsMultiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information.
unknown
2007-04-16
7.0CVE-2007-2046
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Openads -- OpenadsCRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-04-16
7.0CVE-2007-2047
OTHER-REF
FRSIRT
OpenConcept -- Back-End CMSMultiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter to (1) click.php or (2) pollcollector.php in htdocs/; or (3) index.php, (4) articlepages.php, (5) articles.php, (6) articleform.php, (7) articlesections.php, (8) createArticlesPage.php, (9) guestbook.php, (10) helpguide.php, (11) helpguideeditor.php, (12) links.php, (13) upload.php, (14) sitestatistics.php, (15) nav.php, (16) tpl_upload.php, (17) linksections, or (18) pophelp.php in htdocs/site-admin/; different vectors than CVE-2006-5076.
unknown
2007-04-18
7.0CVE-2007-2097
BUGTRAQ
XF
OpenConcept -- Back-End CMSCross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConcept Back-End CMS 0.4.7 allows remote attackers to inject arbitrary web script or HTML via the page[] parameter.
unknown
2007-04-18
7.0CVE-2007-2099
BUGTRAQ
XF
openMairie -- openMairieDirectory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter.
unknown
2007-04-17
7.0CVE-2007-2069
MILW0RM
BID
Oracle -- Oracle DatabaseUnspecified vulnerability in the Core RDBMS component Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01.
unknown
2007-04-18
7.0CVE-2007-2108
OTHER-REF
Oracle -- Oracle DatabaseUnspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5 and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03.
unknown
2007-04-18
7.0CVE-2007-2110
OTHER-REF
Oracle -- Oracle DatabaseSQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07.
unknown
2007-04-18
7.0CVE-2007-2113
OTHER-REF
Oracle -- Oracle Application Server
Oracle -- Oracle Database
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.
unknown
2007-04-18
7.0CVE-2007-2119
OTHER-REF
OTHER-REF
Oracle -- Oracle Application ServerUnspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04.
unknown
2007-04-18
7.0CVE-2007-2123
OTHER-REF
Oracle -- Oracle Application ServerUnspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05.
unknown
2007-04-18
7.0CVE-2007-2124
OTHER-REF
Oracle -- E-Business SuiteUnspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02).
unknown
2007-04-18
7.0CVE-2007-2126
OTHER-REF
Oracle -- E-Business SuiteMultiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), and Applications Manager (APPS10).
unknown
2007-04-18
7.0CVE-2007-2127
OTHER-REF
Oracle -- Enterprise ManagerUnspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01.
unknown
2007-04-18
7.0CVE-2007-2129
OTHER-REF
Oracle -- PeopleSoft EnterpriseUnspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01.
unknown
2007-04-18
7.0CVE-2007-2131
OTHER-REF
Oracle -- PeopleSoft EnterpriseUnspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02.
unknown
2007-04-18
7.0CVE-2007-2132
OTHER-REF
Oracle -- PeopleSoft EnterpriseUnspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01.
unknown
2007-04-18
7.0CVE-2007-2133
OTHER-REF
PhpWiki -- PhpWikiUnrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
unknown
2007-04-13
7.0CVE-2007-2025
MLIST
OTHER-REF
Rezervi Generic -- Rezervi GenericMultiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in belegungsplan/.
unknown
2007-04-19
7.0CVE-2007-2156
MILW0RM
FRSIRT
Rha7 Downloads -- Rha7 DownloadsSQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-1960. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-18
7.0CVE-2007-2107
FRSIRT
Secustick -- Secustick USB flash driveUSB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function.
unknown
2007-04-13
7.0CVE-2007-2023
OTHER-REF
OTHER-REF
ShoutPro -- ShoutProDirect static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter.
unknown
2007-04-19
7.0CVE-2007-2141
BUGTRAQ
MILW0RM
BID
FRSIRT
SiteBar -- SiteBarMultiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parametere to index.php and the (2) file parameter to Integrator.php.
unknown
2007-04-18
7.0CVE-2007-2088
BUGTRAQ
XF
Stephen Craton -- Chatnessadmin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests.
unknown
2007-04-19
10.0CVE-2007-2147
BUGTRAQ
FRSIRT
SECUNIA
Stephen Craton -- ChatnessStephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php.
unknown
2007-04-19
10.0CVE-2007-2149
BUGTRAQ
FRSIRT
SECUNIA
Sun -- Solaris
Sun -- Java Web Console x86
Sun -- Java Web Console
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.
unknown
2007-04-19
10.0CVE-2007-1681
BUGTRAQ
OTHER-REF
SUNALERT
BID
FRSIRT
Tsdisplay4xoops -- Tsdisplay4xoopsPHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter.
unknown
2007-04-18
7.0CVE-2007-2091
MILW0RM
BID
FRSIRT
TuMusika Evolution -- TuMusika EvolutionCross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2007-04-18
7.0CVE-2007-2090
BUGTRAQ
FRSIRT
SECUNIA
XF
Turnkey Web Tools -- SunShop Shopping CartMultiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 3.5 and 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php.
unknown
2007-04-17
7.0CVE-2007-2070
MILW0RM
BID
VCDGear -- VCDGearStack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file.
unknown
2007-04-17
8.0CVE-2007-2062
BUGTRAQ
MILW0RM
BID
SECUNIA
XF
Wabbit -- Wabbit PHP GalleryMultiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters.
unknown
2007-04-18
7.0CVE-2007-2098
BUGTRAQ
WebSlider -- WebSliderMultiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php.
unknown
2007-04-17
7.0CVE-2007-2067
MILW0RM
FRSIRT
XF
XAMPP -- Apache DistributionThe ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP.
unknown
2007-04-17
10.0CVE-2007-2079
MILW0RM
BID
XF
XAMPP -- Apache DistributionMultiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts.
unknown
2007-04-17
7.0CVE-2007-2080
MILW0RM

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
@Mail -- @MailCross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
2007-04-05
2007-04-19
5.6CVE-2007-2153
BUGTRAQ
OTHER-REF
BID
XF
Apache Software Foundation -- Apache HTTP ServerMultiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
unknown
2007-04-13
5.6CVE-2007-1741
IDEFENSE
MLIST
MLIST
BID
SECTRACK
XF
Avant-Garde Solutions -- MOSMediaMultiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) support.html.php or (2) info.html.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-16
5.6CVE-2007-2042
FRSIRT
Cisco -- Wireless Control SystemUnspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596.
unknown
2007-04-16
4.2CVE-2007-2033
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Wireless Control SystemUnspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, does not related to the group membership of user accounts, aka Bug ID CSCsg05190.
unknown
2007-04-16
6.0CVE-2007-2034
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Wireless LAN ControllerCisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.
unknown
2007-04-16
5.6CVE-2007-2040
CISCO
BID
FRSIRT
SECTRACK
XF
CNStats -- CNStatsMultiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/.
unknown
2007-04-18
5.6CVE-2007-2086
MILW0RM
BID
SECUNIA
XF
CNStats -- CNStatsMultiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-18
5.6CVE-2007-2087
SECUNIA
Jx Development -- Article ComponentMultiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/.
unknown
2007-04-18
5.6CVE-2007-2089
MILW0RM
BID
FRSIRT
XF
Macrovision -- InstallAnywhereMacrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.
unknown
2007-04-19
4.9CVE-2007-1009
BUGTRAQ
OTHER-REF
BID
FRSIRT
Maian -- GalleryPHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this problem existed only briefly in v1.0."
unknown
2007-04-17
5.6CVE-2007-2076
BUGTRAQ
BUGTRAQ
VIM
XF
Maian -- Weblog** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use.
unknown
2007-04-17
5.6CVE-2007-2078
BUGTRAQ
VIM
Mambo -- Mambo CalendarMultiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.
unknown
2007-04-16
5.6CVE-2007-2049
MILW0RM
BID
MobilePublisherPHP -- MobilePublisherPHPPHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the auth_method parameter to (1) index.php, (2) list.php, (3) postreview.php, (4) reindex.php, (5) sections.php, (6) templates.php, (7) userinfo.php, (8) users.php, and (9) view.php in admin/.
unknown
2007-04-18
5.6CVE-2007-2084
BUGTRAQ
XF
MyBlog -- MyBlogDirect static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
unknown
2007-04-17
4.2CVE-2007-2082
BUGTRAQ
oe2edit -- oe2edit CMSCross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
unknown
2007-04-18
5.6CVE-2007-2085
OTHER-REF
BID
FRSIRT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06).
unknown
2007-04-18
4.2CVE-2007-2109
OTHER-REF
Oracle -- Oracle DatabaseSQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitraary SQL commands via unknown vectors, aka DB04.
unknown
2007-04-18
4.2CVE-2007-2111
OTHER-REF
OTHER-REF
Oracle -- Oracle DatabaseUnspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05.
unknown
2007-04-18
4.9CVE-2007-2112
OTHER-REF
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11.
unknown
2007-04-18
4.2CVE-2007-2114
OTHER-REF
Oracle -- Oracle DatabaseUnspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09.
unknown
2007-04-18
4.9CVE-2007-2115
OTHER-REF
Oracle -- Oracle DatabaseUnspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.2.0.1 has unknown impact and attack vectors, aka DB10.
unknown
2007-04-18
4.9CVE-2007-2116
OTHER-REF
Oracle -- Oracle DatabaseUnspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.5 has unknown impact and attack vectors, aka DB12.
unknown
2007-04-18
4.9CVE-2007-2117
OTHER-REF
Oracle -- Oracle DatabaseUnspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13.
unknown
2007-04-18
4.9CVE-2007-2118
OTHER-REF
Oracle -- Oracle Application ServerUnspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02.
unknown
2007-04-18
4.9CVE-2007-2121
OTHER-REF
Oracle -- Oracle Application ServerUnspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03.
unknown
2007-04-18
4.9CVE-2007-2122
OTHER-REF
Oracle -- Collaboration SuiteUnspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01.
unknown
2007-04-18
4.9CVE-2007-2125
OTHER-REF
Oracle -- E-Business SuiteUnspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08.
unknown
2007-04-18
4.2CVE-2007-2128
OTHER-REF
Oracle -- Collaboration Suite
Oracle -- E-Business Suite
Oracle -- Oracle Application Server
Oracle -- Oracle Database Server
Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01.
unknown
2007-04-18
4.2CVE-2007-2130
OTHER-REF
Oracle -- JD Edwards EnterpriseOneUnspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01.
unknown
2007-04-18
4.9CVE-2007-2134
OTHER-REF
PhpWiki -- PhpWikiUnrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.
unknown
2007-04-13
5.6CVE-2007-2024
BUGTRAQ
BUGTRAQ
BUGTRAQ
MLIST
CERT-VN
SECUNIA
FRSIRT
PicoZip -- PicoZipDirectory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive.
unknown
2007-04-17
5.6CVE-2007-2058
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Republique Francaise -- AgoraPHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter.
unknown
2007-04-18
5.6CVE-2006-7194
BUGTRAQ
MILW0RM
OTHER-REF
XF
ScramDisk 4 Linux -- ScramDisk 4 LinuxCertain programs in containers in ScramDisk 4 Linux before 1.0-1 execute with SUID permissions, which allows local users to gain privileges via mounted containers.
unknown
2007-04-17
4.9CVE-2007-2074
OTHER-REF
BID
FRSIRT
SECUNIA
ScramDisk 4 Linux -- ScramDisk 4 LinuxScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container.
unknown
2007-04-17
5.6CVE-2007-2075
OTHER-REF
BID
FRSIRT
SECUNIA
Second Sight Software -- ActiveGSMultiple stack-based buffer overflows in Second Sight Software ActiveGS ActiveX control (ActiveGS.ocx) allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-04-19
5.6CVE-2007-1690
CERT-VN
Second Sight Software -- ActiveModStack-based buffer overflow in Second Sight Software ActiveMod ActiveX control (ActiveMod.ocx) allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-04-19
5.6CVE-2007-1691
CERT-VN
Stephen Craton -- ChatnessDirect static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
unknown
2007-04-19
4.2CVE-2007-2148
BUGTRAQ
FRSIRT
SECUNIA
StoreFront for Gallery -- StoreFront for GalleryMultiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php.
unknown
2007-04-17
5.6CVE-2007-2068
MILW0RM
BID
Wizz Computers -- Wizz RSS ReaderCross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.
unknown
2007-04-17
5.6CVE-2007-2060
OTHER-REF
CERT-VN
Zone Labs -- ZoneAlarm Provsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.
unknown
2007-04-17
5.6CVE-2007-2083
BUGTRAQ
OTHER-REF
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AfterLogic -- MailBee WebMail ProCross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
2007-04-05
2007-04-17
1.9CVE-2007-2061
BUGTRAQ
OTHER-REF
BID
XF
AMaViS -- AMaViS
Gentoo -- Gentoo Security
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
unknown
2007-04-13
3.3CVE-2007-2026
OTHER-REF
OTHER-REF
Apache Software Foundation -- Apache HTTP Serversuexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
unknown
2007-04-13
3.9CVE-2007-1743
IDEFENSE
MLIST
MLIST
SECTRACK
bftpd -- bftpdBuffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.
unknown
2007-04-16
2.3CVE-2007-2051
OTHER-REF
FRSIRT
BlueArc -- TitanBlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.
unknown
2007-04-19
3.3CVE-2007-2150
BUGTRAQ
BID
chCounter -- chCounterCross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/.
unknown
2007-04-13
1.9CVE-2007-1871
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Cisco -- Wireless Control SystemCisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301.
unknown
2007-04-16
3.3CVE-2007-2035
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Wireless LAN ControllerCisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic.
unknown
2007-04-16
1.9CVE-2007-2037
CISCO
BID
FRSIRT
SECTRACK
XF
Cisco -- 2000 Series Wireless LAN Controller
Cisco -- 2100 Series Wireless LAN Controller
Cisco -- 4100 Series Wireless LAN Controller
Cisco -- 4400 Series Wireless LAN Controller
The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361.
unknown
2007-04-16
3.3CVE-2007-2038
CISCO
BID
FRSIRT
SECTRACK
XF
Cisco -- Wireless LAN ControllerThe Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.
unknown
2007-04-16
3.3CVE-2007-2039
CISCO
BID
FRSIRT
SECTRACK
XF
Cisco -- 4400 Series Wireless LAN Controller
Cisco -- 2100 Series Wireless LAN Controller
Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.
unknown
2007-04-16
3.7CVE-2007-2041
CISCO
BID
FRSIRT
SECTRACK
XF
Clam Anti-Virus -- ClamAV
ifenslave -- ifenslave
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
unknown
2007-04-16
2.7CVE-2007-1745
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Elinks -- ElinksUntrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 adds "../po" to the search path for .po files, which might allow local users to cause Elinks to use an untrusted gettext message catalog, which can be leveraged to conduct format string attacks.
unknown
2007-04-13
3.9CVE-2007-2027
OTHER-REF
OTHER-REF
FreeRADIUS -- FreeRADIUSMemory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
unknown
2007-04-13
2.3CVE-2007-2028
OTHER-REF
MANDRIVA
BID
FRSIRT
SECUNIA
SECUNIA
lighttpd -- lighttpdlighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.
unknown
2007-04-17
2.3CVE-2007-1869
OTHER-REF
FRSIRT
SECUNIA
lighttpd -- lighttpdlighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.
unknown
2007-04-17
3.3CVE-2007-1870
OTHER-REF
FRSIRT
SECUNIA
McAfee -- e-Business ServerThe administration server in McAfee e-Business Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in a malformed authentication packet, which triggers a heap over-read.
unknown
2007-04-19
3.3CVE-2007-2151
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Mephisto -- MephistoCross-site scripting (XSS) vulnerability in mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.
unknown
2007-04-13
1.9CVE-2007-1873
BUGTRAQ
BUGTRAQ
OTHER-REF
FRSIRT
Open-gorotto -- Open-gorottoMultiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/.
unknown
2007-04-17
1.9CVE-2007-2071
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
Oracle -- Oracle Application ServerThe Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP commmand in a request that uses the database/TNS alias.
unknown
2007-04-18
3.3CVE-2007-2120
OTHER-REF
OTHER-REF
Paul Vixie -- Vixie CronVixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.
unknown
2007-04-17
1.6CVE-2007-1856
GENTOO
BID
phpFaber -- TopSitesDirectory traversal vulnerability in template.php in in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php.
unknown
2007-04-19
3.3CVE-2007-2155
BUGTRAQ
OTHER-REF
VIM
BID
XF
Python Software Foundation -- PythonOff-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
unknown
2007-04-16
3.3CVE-2007-2052
OTHER-REF
OTHER-REF
Red Hat -- Red Hat Fedora Core
Red Hat -- Red Hat Enterprise Linux
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.
unknown
2007-04-16
2.3CVE-2007-2030
OTHER-REF
RicarGBooK -- RicarGBooKMultiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter.
unknown
2007-04-16
2.3CVE-2007-2050
MILW0RM
SECUNIA
BID
FRSIRT
XF
SSH Communications Security -- SSH Tectia ServerSSH Tectia Server for IBM z/OS before 5.4.0, when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.
unknown
2007-04-17
3.9CVE-2007-2063
OTHER-REF
BID
SECTRACK
SECUNIA
Sun -- SolarisUnspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments.
unknown
2007-04-16
2.3CVE-2007-2045
SUNALERT
FRSIRT
SECTRACK
SECUNIA
XF
Toenda Software Development -- toendaCMSCross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id.
unknown
2007-04-13
1.9CVE-2007-1872
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
UseBB -- UseBBUseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message.
unknown
2007-04-17
2.3CVE-2007-2066
OTHER-REF
OTHER-REF
SECUNIA
webMethods -- GlueDirectory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter.
2007-03-20
2007-04-16
2.3CVE-2007-2048
BUGTRAQ
OTHER-REF
BID
FRSIRT
Zomplog -- ZomplogDirectory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2007-04-19
3.3CVE-2007-2157
MILW0RM
FRSIRT

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.